Abstract

This specification defines a method to determine Kerberos realm names
for services that are known by their DNS name. Currently, such
information can only be found in static mappings or through educated
guesses. DNS can make this process more flexible, provided that
DNSSEC is used to assure authenticity of resource records.